Switch to the store?

CFEngine 3 Beginner's Guide

More Information
  • Install and configure the Cfengine environment including the server and clients. Understand the Cfengine policy decision flow.
  • Build complete systems including laptops, desktops, servers, mainframes, etc. with minimal human intervention across multiple nodes.
  • Conduct system audits and detect anomalies in the desired state of a system.
  • Schedule various tasks from a centralized policy server and make changes to multiple systems' state by making those changes on a single centralized policy server.
  • Syntax and usage of various controls; Cfengine provides relevant and easy to understand examples.
  • Monitor services and system states from a centralized policy server.
  • Write complex work flows to solve complex data centre issues.
  • Use advanced functions and variables inbuilt in Cfengine.
  • Implement best practices for effective change management and infrastructure management.
  • Create and manage a knowledge base with an inbuilt knowledge management tool.

Cfengine is a compact automation framework primarily used to provide automated configuration and maintenance of laptops, desktops, servers, and mainframes. It is not a very complex framework, but certainly is extensive. There is too much to learn and it is hard to convey in a simple way what the software can do. That is where this book steps in and saves your day.

Cfengine 3 Beginner's Guide is the first and only book dedicated to Cfengine. It dives deep into using the framework's 'promise' language to solve complex data center problems. Find all the details you’ll need about using the advanced functions and variables, with easy-to-understand examples. The book also covers complex work flows that showcase the framework’s possibilities.

This book starts off with step-by-step instructions for installing and configuring the Cfengine server and clients, and moves on to configuring systems using Cfengine scripts. The author then walks you through the policy decision flow, conducting system and security audits.

This is followed by detailed discussions, through various examples, on how you can use Cfengine to configure systems, users, networks, databases, web servers et al. Adding to this, the book also provides a list of best practices, Cfengine policy decision flow, and how you may use the Cfengine Orion Cloud pack. By the end of the book you should be able to write policies for automating your complex data centre tasks.

  • The first and only book dedicated to the Cfengine framework.
  • Detailed instructions on installing, configuring, and setting up Cfengine and using it to build, secure and monitor your infrastructure.
  • Real world projects and tasks straight from the data centre. Monitoring, logging and reporting explained with easy-to-understand examples.
  • Covers all Cfengine commands, promises, variables, functions and best practices.
Page Count 336
Course Length 10 hours 4 minutes
Date Of Publication 24 Oct 2011
Why CFEngine?
Installing CFEngine
Time for action – listing open ports and associated services
Time for action – creating a file under your home directory
Time for action – deleting log files
How do CFEngine components communicate?
Setting up a policy server
Time for action – taking file backups
System configuration
Time for action – user and group configuration
Time for action – setting up a web service
Time for action – setting up a database service
Time for action – mounting a NFS volume
Time for action – setting up a network interface
Time for action – adding a jailed user to a system
Control promises
Time for action – file and directory permissions audit
Time for action – user and group audit
Server control promises
Time for action – log rotation using CFEngine
Access control using CFEngine
Time for action – installing OSSEC
Time for action – auditing the system with CFEngine and OSSEC
Configuring and auditing access controls
Time for action – managing access control with TCP wrapper
Time for action – auditing SSHD log files for break-in attempts
Time for action – managing iptables with CFEngine
Auditing the file system
Time for action – looking out for suspicious file names
Time for action – verifying the sudoers file
Time for action – finding a file with setuid and setgid
Time for action – auditing Apache logs
State information
Time for action – generating custom reports
Menu driven configuration
Content driven configuration
CFEngine templates
Time for action – distributing a MySQL configuration file using template expansion
Knowledge management
Time for action – topic map for services
CFEngine and ITIL
CFEngine Nova—an introduction
CFEngine special functions
Time for action – setting system variables
Functions that work on or with regular expressions
Time for action – getting a list of servers that are up and running on the network
Functions that return string
Time for action – concatenating individual objects using a given conjunction
Functions that fill arrays
Time for action – configuring Apache virtual hosts from a list of domains in a file
CFEngine special variables
Variable context mon
Time for action – logging information in case the system's load average is above the threshold
Variable context match
Time for action – comment matching lines



Rajneesh works as Senior Manager, Technical Operations at Info Edge India Ltd. In the past, he has worked in a number of very successful web hosting organizations. With several years of System Administration experience behind his back he is now focussed on architecture design, system life cycle management, configuration management and capacity planning.